From christianbiere at gmx.de Tue Dec 6 23:00:45 2005
From: christianbiere at gmx.de (Christian Biere)
Date: Wed Dec 7 00:34:58 2005
Subject: libgcrypt fails to use /dev/random on NetBSD
In-Reply-To: <20050908234706.GA23111@cyclonus>
References: <20050908234706.GA23111@cyclonus>
Message-ID: <20051206220045.GA7070@cyclonus>

Christian Biere wrote:
> The configure script of libgcrypt has "/dev/srandom" hardcoded for NetBSD
> instead of "/dev/random". This means libgcrypt will try to access a
> non-existing device at runtime and fall back to a replacement method to
> gather entropy which is likely to be (much) weaker.

I've noticed that the fairly trivial patch I've submitted hasn't been applied
yet. Was my mail lost, is there something with the patch or was it fixed in a
different way and I just didn't notice?

-- 
Christian

From wk at gnupg.org Thu Dec 8 15:44:38 2005
From: wk at gnupg.org (Werner Koch)
Date: Thu Dec 8 15:46:58 2005
Subject: libgcrypt fails to use /dev/random on NetBSD
In-Reply-To: <20051206220045.GA7070@cyclonus> (Christian Biere's message of "Tue, 6 Dec 2005 23:00:45 +0100")
References: <20050908234706.GA23111@cyclonus> <20051206220045.GA7070@cyclonus>
Message-ID: <87oe3rfy21.fsf@wheatstone.g10code.de>

On Tue, 6 Dec 2005 23:00:45 +0100, Christian Biere said:

> I've noticed that the fairly trivial patch I've submitted hasn't
> been applied yet. Was my mail lost, is there something with the
> patch or was it fixed in a different way and I just didn't notice?

Thanks for the reminder. Just applied it to the SVN (stable and
devel).

Shalom-Salam,

   Werner

From Frediano.Ziglio at vodafone.com Thu Dec 22 10:32:54 2005
From: Frediano.Ziglio at vodafone.com (ZIGLIO, Frediano, VF-IT)
Date: Thu Dec 22 11:37:52 2005
Subject: Easy patch for constification
Message-ID:

Patch attached adds many const specifiers on ciphers. Constification can
improve performance because it adds some information for the compiler, and it
can also save you in case of memory corruption, transforming some potential
buffer overflows into DoS.

Some questions about the code:
- Why are selftests always compiled in? IMHO it is better to make tests
  before installing and remove them from the final installed code.
- gcry_cipher_spec contains a lot of non-constant fields. Is this expected
  or just for backward compatibility? Is it expected that, for instance,
  someone can change aliases or oids?
- Module deallocation (like ciphers_registered) is not handled. This can
  be a problem in environments where libgcrypt is loaded and unloaded
  dynamically, leading to memory leaks.

Regards,
  Frediano Ziglio

-------------- next part --------------
A non-text attachment was scrubbed...
Name: libgcrypt.diff.gz
Type: application/x-gzip
Size: 10328 bytes
Desc: libgcrypt.diff.gz
Url : /pipermail/attachments/20051222/f944c993/libgcrypt.diff.bin

From gcrypt at dstoecker.de Thu Dec 22 12:02:56 2005
From: gcrypt at dstoecker.de (Dirk Stoecker)
Date: Thu Dec 22 12:02:43 2005
Subject: Easy patch for constification
In-Reply-To:
References:
Message-ID:

On Thu, 22 Dec 2005, ZIGLIO, Frediano, VF-IT wrote:

> - module deallocation (like ciphers_registered) is not handled. This can
> be a problem in environment where libgcrypt is loaded and unloaded
> dynamically leading to memory leaks

There is a patch for this and related problems, but it will not be applied
by GCRYPT maintainers for very strange reasons. You can find it e.g. in my
last mail to this list and soon on a special webpage.

Ciao
-- 
http://www.dstoecker.de/ (PGP key available)

From Frediano.Ziglio at vodafone.com Thu Dec 22 17:21:47 2005
From: Frediano.Ziglio at vodafone.com (ZIGLIO, Frediano, VF-IT)
Date: Thu Dec 22 17:21:23 2005
Subject: DSO leak
Message-ID:

Well, I think that Dirk Stoecker's patch to fix the leak on loading/unloading
libgcrypt is useful (at least for me). I work on the FreeTDS project. This
project provides some drivers to communicate with Microsoft SQL Server (mssql)
databases. Well... where does libgcrypt come into this? We use GnuTLS to open
an SSL connection to mssql. GnuTLS uses libgcrypt for cipher/digest/pk. The
problem arises from our ODBC driver. ODBC drivers are loaded dynamically by
the Driver Manager (i.e. iODBC or unixODBC) and unloaded as needed. So at the
end you have something like this:

executable program => unixODBC => FreeTDS driver => GnuTLS => libgcrypt

Every time that the program opens a connection to mssql, unixODBC can unload
the FreeTDS driver, so it also unloads GnuTLS and libgcrypt. Without handling
DSO finalization, all one-time allocations become leaks for us.

Regards,
  Frediano Ziglio (aka freddy77)

From tthomas at chubb.com Wed Dec 28 18:57:26 2005
From: tthomas at chubb.com (Tod Thomas)
Date: Wed Dec 28 20:04:19 2005
Subject: Solaris 10 64-bit Compile Problem
Message-ID: <43B2D206.3030308@chubb.com>

We're upgrading one of our boxes to 64-bit Solaris 10. I got
lib-gpgerror-1.0 to compile and install fine with:

./configure CC=gcc CFLAGS=-m64 --prefix=/export/home/ldap/usr/local --with-gnu-ld

When I try to compile libgcrypt-1.2.1 I get:
.
.

/bin/bash ../libtool --mode=compile gcc -m64 -c -o mpih-add1.lo `test -f 'mpih-add1.S' || echo './'`mpih-add1.S
gcc -m64 -c mpih-add1.S -fPIC -DPIC -o .libs/mpih-add1.o

/usr/ccs/bin/as: "/var/tmp//ccwv441k.s", line 30: error: detect global register use not covered .register pseudo-op

This error repeats a number of times.

I narrowed it down to the compile of ./mpi/mpih-add1.S. Has anyone run
into this?

Thanks - Tod

From tthomas at chubb.com Wed Dec 28 20:57:17 2005
From: tthomas at chubb.com (Tod Thomas)
Date: Wed Dec 28 21:10:20 2005
Subject: Solaris 10 64-bit Compile Problem
In-Reply-To: <43B2D206.3030308@chubb.com>
References: <43B2D206.3030308@chubb.com>
Message-ID: <43B2EE1D.2070701@chubb.com>

BTW: I'm using

gcc version 3.3.2,
GNU assembler version 2.15 (sparc-sun-solaris2.10) using BFD version 2.15,
GNU ld version 2.15
  Supported emulations:
   elf32_sparc
   elf64_sparc

all from Solaris 10 install.

Tod Thomas wrote:
> We're upgrading one of our boxes to 64-bit Solaris 10. I got
> lib-gpgerror-1.0 to compile and install fine with:
>
> ./configure CC=gcc CFLAGS=-m64 --prefix=/export/home/ldap/usr/local
> --with-gnu-ld
>
> When I try to compile libgcrypt-1.2.1 I get:
> .
> .
>
> /bin/bash ../libtool --mode=compile gcc -m64 -c -o mpih-add1.lo `test
> -f 'mpih-add1.S' || echo './'`mpih-add1.S
> gcc -m64 -c mpih-add1.S -fPIC -DPIC -o .libs/mpih-add1.o
>
> /usr/ccs/bin/as: "/var/tmp//ccwv441k.s", line 30: error: detect global
> register use not covered .register pseudo-op
>
> This error repeats a number of times.
>
> I narrowed it down to the compile of ./mpi/mpih-add1.S. Has anyone run
> into this?
>
>
> Thanks - Tod

From tvainika at niksula.hut.fi Sat Dec 31 13:45:44 2005
From: tvainika at niksula.hut.fi (Tommi Vainikainen)
Date: Sat Dec 31 17:01:34 2005
Subject: Typos in manual
Message-ID: <871wztigef.fsf@thv.iki.fi>

Hello,

while reading the manual of libgcrypt, I noticed some writing errors:

Index: cvs/libgcrypt/doc/gcrypt.texi =================================================================== --- cvs/libgcrypt/doc/gcrypt.texi (revision 1142) +++ cvs/libgcrypt/doc/gcrypt.texi (working copy) @@ -1137,7 +1137,7 @@ AES (Rijndael) with a 128 bit key. @item GCRY_CIPHER_AES192 -@itemx GCRY_CIPHER_RIJNDAEL128 +@itemx GCRY_CIPHER_RIJNDAEL192 AES (Rijndael) with a 192 bit key. @item GCRY_CIPHER_AES256 
@@ -1418,7 +1418,7 @@ @var{inlen} is @code{0}, in-place encryption of the data in @var{out} or length @var{outsize} takes place. With @var{in} being not @code{NULL}, @var{inlen} bytes are encrypted to the buffer @var{out} which must have -at least a size of @var{inlen}. @var{outlen} must be set to the +at least a size of @var{inlen}. @var{outsize} must be set to the allocated size of @var{out}, so that the function can check that there is sufficient space. Note, that overlapping buffers are not allowed. @@ -1438,7 +1438,7 @@ @var{inlen} is @code{0}, in-place decryption of the data in @var{out} or length @var{outsize} takes place. With @var{in} being not @code{NULL}, @var{inlen} bytes are decrypted to the buffer @var{out} which must have -at least a size of @var{inlen}. @var{outlen} must be set to the +at least a size of @var{inlen}. @var{outsize} must be set to the allocated size of @var{out}, so that the function can check that there is sufficient space. Note, that overlapping buffers are not allowed. @@ -1886,7 +1886,7 @@ Because it is often necessary to get the message digest of one block of memory, a fast convenience function is available for this task: -@deftypefun void gcry_md_hash_buffer (int @var{algo}, void *@var{digest}, const cvoid *@var{buffer}, size_t @var{length}); +@deftypefun void gcry_md_hash_buffer (int @var{algo}, void *@var{digest}, const void *@var{buffer}, size_t @var{length}); @code{gcry_md_hash_buffer} is a shortcut function to calculate a message digest of a buffer. This function does not require a context and @@ -3022,7 +3022,7 @@ @example @{ gcry_ac_key_pair_t key_pair; - gcry_ac_key_spec_rsa rsa_spec; + gcry_ac_key_spec_rsa_t rsa_spec; rsa_spec.e = gcry_mpi_new (0); gcry_mpi_set_ui (rsa_spec.e, 1) 
@@ -3091,7 +3091,7 @@ are then forwared to the cryptographic primitives. Since schemes are to be used for a special purpose in order to achieve a particular security goal, there exist ``encryption schemes'' and ``signature -schemes''. Encoding methods can be used seperately or implicitely +schemes''. Encoding methods can be used separately or implicitly through schemes. What follows is a description of the cryptographic primitives. @@ -3391,7 +3391,7 @@ string is inserted into the resulting S-expression. @item %d The next argument is expected to be of type @code{int} and its -value ist inserted into the resulting S-expression. +value is inserted into the resulting S-expression. @item %b The next argument is expected to be of type @code{int} directly followed by an argument of type @code{char *}. This represents a -- Tommi Vainikainen
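
Review bot: In the @@ -1137,7 hunk the context stops at "@item GCRY_CIPHER_AES256", so the "@itemx" alias under that entry is not visible. Since the 192-bit entry carried a copied "GCRY_CIPHER_RIJNDAEL128" alias, please confirm that the 256-bit entry reads "GCRY_CIPHER_RIJNDAEL256" and extend the patch if it does not.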
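
Review bot: The unchanged context at the top of the @@ -1418,7 hunk still reads "in @var{out} or length @var{outsize}", which looks like a typo for "of length"; the same wording appears in the decryption paragraph of the @@ -1438,7 hunk. Both could be corrected in this patch, together with the stray comma in "Note, that overlapping buffers are not allowed", since the sentence being touched is the one that documents the output-buffer size check.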
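
Review bot: The last context line of the @@ -3022,7 hunk, "gcry_mpi_set_ui (rsa_spec.e, 1)", has no terminating semicolon as shown, so the @example would still not compile after the type name is corrected. If the next line of the file does not supply it, add the ";" in this same patch.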
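
Review bot: The first context line of the @@ -3091,7 hunk still contains "forwared" ("are then forwared to the cryptographic primitives"). It should read "forwarded" and belongs in the same typo sweep as the "separately" and "implicitly" fixes two lines below it.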
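
The failure mode in the first thread on this page (a wrong device name, "/dev/srandom", making libgcrypt fall back to a weaker entropy source) can be caught at runtime by failing closed instead of falling back. The following C program is an added example, not libgcrypt's code and not part of any message above; `open_entropy_device` and `read_entropy` are hypothetical names.

```c
/* Added example (not libgcrypt code): fail closed when the entropy device is missing. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open path only if it is a character device; fd or -1. */
int open_entropy_device(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;                       /* e.g. ENOENT for a wrong device name */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);                       /* a regular file or directory is not an RNG */
        errno = ENODEV;
        return -1;
    }
    return fd;
}

/* Hypothetical helper: read exactly n bytes from path; 0 on success, -1 otherwise. */
int read_entropy(const char *path, unsigned char *buf, size_t n)
{
    size_t got = 0;
    int fd = open_entropy_device(path);
    if (fd < 0)
        return -1;                       /* no silent fallback to a weaker source */
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR)
            continue;                    /* interrupted by a signal: retry */
        if (r <= 0) {                    /* error or EOF: treat as failure */
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char seed[32];
    const char *names[] = { "/dev/srandom", "/dev/random" };  /* names from the thread */
    for (size_t i = 0; i < 2; i++)
        printf("%s: %s\n", names[i],
               read_entropy(names[i], seed, sizeof seed) == 0 ? "ok" : "unavailable");
    return 0;
}
```

A caller that gets -1 for every configured name should abort key generation and report the misconfiguration rather than continue with a substitute source.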